Veracode Integration

CA Veracode enables you to build software securely by providing application security in development, the release pipeline, and production. The CA Veracode TeamCity Plugin integrates the automated processes of Veracode Static Analysis and Veracode Software Composition Analysis into your TeamCity workflows to deliver fast, repeatable results. This integration means you can find security defects earlier in the development lifecycle and stop the build and release pipeline as soon as critical issues are found.
The CA Veracode TeamCity Plugin is part of the Veracode ecosystem of integrations that helps you connect Veracode with your software development process, including an IDE plugin for IntelliJ and integrations for other build servers, IDEs, and defect tracking solutions. For more information about Veracode's integrations and APIs, see the Veracode Help Center.
Key Benefits

Integrate application security into the development tools you already use: From within TeamCity you can automatically scan code to find security vulnerabilities and optionally stop the build if serious security issues are found.

Don’t stop for false alarms: Because Veracode gives you accurate results and prioritizes them based on severity, you won’t need to waste resources dealing with hundreds of false positives. We have assessed over 6 trillion lines of code in 15 languages and 70+ frameworks, and we get better with every assessment due to our rapid update cycles and continuous improvement processes. And, if something does get through, just mitigate it using the easy Veracode workflow; we’ll remember it the next time.

Align your AppSec practices with your development practices: Do you have a large or distributed development team? Are you drowning in revision control branches? You can integrate your TeamCity workflows with the Veracode Developer Sandbox, which supports multiple development branches, feature teams, and other parallel development practices.

Don't just find vulnerabilities, fix them: Veracode gives you remediation guidance with each finding, as well as the data path that an attacker would use to reach the weak point in the application. Veracode also highlights the most common sources of vulnerabilities to help prioritize remediation. In addition, when vulnerability reports don’t provide enough clarity, you can set up one-on-one developer consultations with our experts who have backgrounds in both security and software development. Show-stopping security findings appear in your teams' list of work items automatically, and are automatically updated and closed after you scan your fixed code.

Proven onboarding process allows for scanning on day one: Want to get started quickly? The cloud-based Veracode Application Security Platform is designed to be instantly on and easy to use so that you can get started in minutes. Veracode's services and support team can get you going quickly and ensure you are on track to build application security into your process.